The General Data Protection Act comes into force on the 25th May 2018, so the time to prepare is now.

Many organisations will have already adopted privacy policies and processes in line with the current Data Protection Directive. However, the GDPR presents plenty of new considerations as well as significant threats for those who do not comply. 

Designed to streamline data privacy requirements across all 28 EU member states, the GDPR impacts everybody who markets to, or processes, information on EU data subjects. 

Is your business GDPR-ready? We've put together three key facts on exactly what is changing in the world of data protection to help you make sense of what's to come.

Consent is changing

Arguably the biggest change in how data is kept, the GDPR has a large focus on subject consent. A company needs to make it fully clear when requesting data collection consent. Illegible terms and conditions full of inaccessible legalese is no longer allowed. 

Data subjects have the right to obtain confirmation that their data is being processed, as well as the right to ask why. They can also request information on: with whom the data may be shared; the period of storage; the rights to erasure; the rights to complain to the Data Protection Agency; the source of the data and details of any automated processing.

Should a participant wish to withdraw their data, this action must be as straightforward as the action in which they provided it. 

Penalties are changing

1/5 of UK firms do not fully understand the requirements to comply with GDPR. Should they be worried, then, that organisations who breach GDPR can be fined up to either 4% of annual global turnover or €20M - whichever's more?

Failure to comply and act quickly to align with GDPR requirements can have serious consequences - not just for a company's ROI, but on their customer relations and image too. 

Territorial scope is changing

Don't believe the myths that Brexit means GDPR will not apply to UK businesses. Brexit will take time, and in the meantime GDPR is round the corner.

The GDPR regulatory landscape is extended across all companies processing any personal data of all data subjects residing in the EU, regardless of company/processing location. In short, this means that even when we're out of the EU, any data you have on anybody residing in the EU must be compliant. 

We really are focused on you.

If you're wondering about how
you can comply to GDPR, let us help.

Our Managed Services function has recently received a Government-endorsed Cyber Essentials accreditation, and we're working hard to ensure that we, our customers and partners have the tools and awareness
they need to be compliant. 

Fill in the form below and we'll be in touch.